A researcher has found how a ransomware attack that can target a coffee maker independently.
Ransomware Attack On Coffee Maker
Security researcher from Avast, Martin Hron, has explained how smart coffee makers can make your life a hell. He found that an adversary can wage a ransomware attack on a coffee maker. Eventually, the victim would either have to pay the ransom as instructed or disconnect and dump the machine for good.
Sharing the details in a post, Hron revealed the attack strategy. In brief, he observed that the machine, when first connected with the companion app, creates its own WiFi network. This allows the user to connect any other device of the same vendor to the network.
When we downloaded the companion app, we saw that it allows you to create a network of any devices of this particular vendor and connects these devices to the home network and then allows you to control all the functions of your coffee maker or smart kettle. It also allows you to check the firmware version of the device and update it if needed.
While this sounds okay, the problem lies in that the entire connection is unencrypted. Hence, anyone can connect to the network and control the coffee maker.
He reverse-engineered the app firmware and found no encryption. He also analyzed the hardware to identify the WiFi modem and CPU.
While the hardware proved the machine useless for cryptomining, he could devise a ransomware attack for the machine.
Targeting The Machine With Ransomware
The researcher modified the firmware and aimed at the command that connects the machine to the network. Thus, whenever a user would connect the machine to the network, the ransomware would be run.
Describing the attack strategy, Hron stated in the post,
We used the unused memory space at the very end of the firmware to create the malicious code. By using the ARM assembler we created ransomware that when triggered renders the coffee maker unusable and asks for ransom, while at the same time turning on the hotbed, water dispensing heating element, permanently and spinning up the grinder, forever, displaying the ransom message and beeping. We thought this would be enough to freak any user out and make it a very stressful experience. The only thing the user can do at that point is unplug the coffee maker from the power socket.
He has also shared a video demonstrating the attack.
What About The Fix?
Unfortunately, the users of this coffee maker have no way to protect themselves. It’s because the specific model used in this study has reached its end of life support.
However, this isn’t the case with other models by the same vendor that still receive firmware updates.
Yet, given that the vendors never support any devices for decades, and the architecture of IoT, such threats always exist for an average user. According to Hron,
We live in a world where things talk to things, and where the number of smart things is slowly outnumbering the number of computers. These devices, for the most part, have no screen and can therefore mask malicious activities running in the background from their owners.
Seems the non-smart coffee makers were better for us, what do you think? Let us know via the comments section.